Mailgates

Vendor: Openfind • 3 CVEs

CVEs (3)

Vendors (1): Openfind
Products (2): Mailaudit, Mailgates
Updated: Nov 21, 2024
Published: Jul 15, 2024
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
Description: The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.

Vendors (1): Openfind
Products (2): Mailaudit, Mailgates
Updated: Nov 21, 2024
Published: Nov 1, 2020
CVSS: N/A (v4), 8.8 HIGH (v3), 9.0 HIGH (v2)
Description: MailGates and MailAudit products contain a command injection flaw, which can be used to inject and execute system commands through the cgi parameter after attackers obtain the user's access token.

Vendors (1): Openfind
Products (2): Mailaudit, Mailgates
Updated: Nov 21, 2024
Published: Jun 23, 2020
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Description: Openfind MailGates contains a command injection flaw: when it receives email containing specific strings, malicious code in the mail attachment is triggered and gains unauthorized access to system files.